Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000034481 - How to configure RSA NetWitness server to send FQDN in EHLO response

Document created by RSA Customer Support

on Dec 1, 2016•Last modified by RSA Customer Support on Apr 17, 2019

Version 4Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000034481
Applies To	RSA Product Set: Security Analytics RSA Product/Service Type: SA Security Analytics Server RSA Version/Condition: 10.6.x and 11.x Platform: CentOS O/S Version: 6 and 7
Issue	SA server fails to send any notification email even after configuring Global Notification with the correct SMTP setting. Mail server is configured to accept only FQDN but monitoring the packets with tcpdump shows that SA server sends hostname instead of FQDN in EHLO response as shown below. E.g. TestServer is shown instead of TestServer.test.local 05:34:23.842234 IP x.x.x.x.42635 > 10.106.48.137.25: Flags [P.], seq 1:18, ack 115, win 115, length 17 0x0000: 4500 0039 4f50 4000 4006 86b2 0a3e 1f8c E..9OP@.@....>.. 0x0010: 0a6a 3089 a68b 0019 ae27 17d8 25d5 592a .j0......'..%.Y* 0x0020: 5018 0073 64e8 0000 4548 4c4f 2011 512a P..sd...EHLO.Test 0x0030: 4733 5121 2312 420d 0a Server..
Resolution	By default, postfix uses the hostname of the SA server in EHLO response. In order to resolve the issue, follow the user guide to change the hostname of the SA server to FQDN. --Version 10.x After following the User Guide to change the hostname, please modify /etc/puppet/csr_attributes.yaml on the SA server to update the hostname with FQDN and reboot the SA server host. If on version 11.x please contact support for assistance with changing the hostname.

Attachments

Outcomes

0 Comments

Recommended Content